<!DOCTYPE html>
<html>
<head>
    <meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body>
系统载入中，请稍等...

<?php
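// Verify the submitted login credentials and, on success, populate the session.
// NOTE(review): this page emits HTML before this block runs, so session_start()
// and the Location header below only take effect when output buffering is
// enabled — confirm the deployment's output_buffering setting.
session_start();
session_regenerate_id(true); // issue a fresh session ID to counter session fixation

// FILTER_SANITIZE_STRING strips tags and HTML-encodes quotes; it is deprecated
// since PHP 8.1 and is not an SQL-escaping mechanism. It is kept here because
// (a) the WHERE clause below is built by concatenation and currently relies on
// the quote encoding, and (b) stored password digests may have been computed
// over the sanitized form — TODO confirm before replacing it.
$account = filter_input(INPUT_POST, 'account', FILTER_SANITIZE_STRING);
$password = filter_input(INPUT_POST, 'password', FILTER_SANITIZE_STRING);

include_once("../config.php");

// filter_input() yields null (field absent) or false (filter failure); treat
// both, and an empty account, as a failed login instead of querying with them.
if (!is_string($account) || $account === '' || !is_string($password)) {
    echo "<script language='javascript'>alert('用户名或密码错误！');location='/gate/';</script>";
    exit;
}

// NOTE(review): this is NOT a prepared statement — the condition is assembled
// by string concatenation and handed to a helper defined outside this file.
// Move to a parameterized query once the helper (or the underlying DB handle)
// supports bound parameters; input filtering alone is not a substitute.
$_user = select_one_line_all_items($table_prefix . "employee", "mid = '" . $account . "'");

// Unknown account: same generic message as a wrong password.
if (!$_user) {
    echo "<script language='javascript'>alert('用户名或密码错误！');location='/gate/';</script>";
    exit;
}

// Check the password BEFORE the authority flag, so the "no login permission"
// message is only shown to someone who already knows the password and cannot
// be used to tell existing accounts apart from non-existent ones.
// hash_equals() compares in constant time and as plain strings; the previous
// loose `!=` treated digests that look numeric (e.g. "0e..." followed by
// digits) as numbers, so two different digests could compare as equal.
// NOTE(review): credentials are stored as unsalted MD5; migrating to
// password_hash()/password_verify() needs a re-hash of stored values and is
// outside the scope of this block.
if (!hash_equals((string) $_user['password'], md5($password))) {
    echo "<script language='javascript'>alert('用户名或密码错误！');location='/gate/';</script>";
    exit;
}

// Account must be explicitly allowed to log in.
if ($_user['authority'] !== '是') {
    echo "<script language='javascript'>alert('没有登录权限！');location='/gate/';</script>";
    exit;
}

// All checks passed: copy the employee record fields into the session.
$_SESSION['username'] = $_user['name'];
$_SESSION['department'] = $_user['department'];
$_SESSION['departmentid'] = $_user['departmentid'];
$_SESSION['mid'] = $_user['mid'];
$_SESSION['nid'] = $_user['nid'];
$_SESSION['quanxian'] = $_user['quanxian'];
$_SESSION['position'] = $_user['position'];
$_SESSION['utoken'] = $_user['utoken'];

// Fixed, server-chosen redirect target (no user input involved).
$url = "/controller/extender/asset/view/data_list.php?now_extender=asset";
header("Location: $url");
exit;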
?>
